OpsLens

DoD Invites Tech Wizards to ‘Hack the Pentagon’

Have you ever thought about the damage a simple keystroke can do? The Pentagon has. The Department of Defense (DoD) has long recognized the damage that a cyberattack can do to national security. Hackers have made news for getting into even the most hardened networks. So the DoD is challenging the best Silicon Valley tech companies to hack into one of the most secure systems in the world—their own.

“Hack the Pentagon” is a “crowdsourced security program” that pairs highly capable tech companies with the Pentagon to “boost the Department’s capacity to run bug bounties aimed at strengthening security for internal DoD assets.”

In a press release dated October 24, the Department of Defense announced an expansion of the program, which has been running since 2016.

Contracts are given to run bug bounties with cash payouts to those who are able to identify critical vulnerabilities in the Department’s infrastructure. They are “designed to identify and resolve security vulnerabilities across targeted DoD websites and assets.”

Keeping Tight Security

Before you worry that any old Internet user will be given free rein to try to get into the Pentagon’s systems, there are protocols in place to make sure that classified national security data remains so. Three companies will be awarded contracts to work with the program. Only “highly vetted security researchers or ‘ethical hackers’” will work on the project.

The three Silicon Valley-based crowdsourced security firms are Bugcrowd, HackerOne, and Synack. These firms have worked with companies such as HP, Twitter, Starbucks, and Netgear.

There will also be a clear way to disclose potential vulnerabilities without making them public knowledge. The Vulnerability Disclosure Policy outlined a “legal avenue for security researchers to find and disclose vulnerabilities in any DoD public facing systems.”

Innovation for the Future

This is just another way that the Department of Defense is embracing both new technology and new ways of conducting operations. “As cyber threats persist, the Defense Department is working to identify innovative approaches to bolster security, combat malicious activities, and build trusted private sector partnerships to counter threats,” a DoD statement explained.

The Defense Digital Service team is responsible for the implementation of the “Hack the Pentagon” program and other initiatives to “bring in private sector talent and best practices to transform the way the Department approaches technology.” For an organization that is known for moving slowly, often with outdated tech, this push to use crowdsourcing is a huge step forward.

“When our adversaries carry out malicious attacks, they don’t hold back and aren’t afraid to get creative,” said Director of Defense Digital Service Chris Lynch. “Expanding our crowdsourced security work allows us to build a deeper bench of tech talent and bring more diverse perspectives to protect and defend our assets.”

The program is working, with over 8,000 valid vulnerabilities identified through “Hack the Pentagon.” The DoD is looking at other opportunities to use crowdsourcing to strengthen its security and capitalize on the knowledge brought by a wide variety of experts. “Hack the Pentagon” is just the next exciting step that the DoD is taking to embrace innovation, leverage nationwide talent, and remain on the cutting edge of technology.